Since creating sessions and generating its corresponding tokens involves your developer api key and secret, they should always be executed in your server to prevent your credentials from being exposed.

In short, sessions are like rooms. People connected to the same session Id will be able to publish and subscribe to each other’s video stream. Session Ids exist forever, so it’s safe to store them in the database.

In order to connect to the session, we need a valid token. Tokens are always generated for its respective sessionId, and expires after 24 hours due to security reasons.

The simplest way to create sessions and generate its corresponding token is to simply call createSession() and generateToken( sessionId ) methods in our supported server side SDKs. You can find a full list of our supported SDKs and their corresponding documentation on our github page.

If you could not find an SDK or library for your server side code, heres our documentation around how to create session IDs over a restful call. In short, simply send a post request with HTTP header: X-TB-PARTNER-AUTH and your developer credentials separated by a colon apiKey:partner_secret.

After you retrieve a session id, you must generate a corresponding token for it so your user can connect to that session. Generating tokens involve encrypting your developer credentials along with the corresponding session id, and the full algorithm is located here.

Congratulations! Now that you know how to generate sessions and tokens on your server and how to publish and subscribe on the client side, check out some of our getting started demo apps!